Kibana object permission

In ElasticSearch the user uses objects such as:

  • Saved search
  • Visualizations
  • Dashboards
  • Patterns

Energy Logserver manages permissions for created objects. The application already has permission groups associated with data permissions. Each user works under Role, which allows him to view the data set. We went further with this functionality, assigning Role an appropriate set of saved searches, visualizations, dashboards and patterns.

The Energy Logserver is equipped with an object management module, available for the administrative role:

By choosing the appropriate Role, we assign permissions to previously created objects.

Choosing the appropriate objects we assign them to Rola, as shown below:

Importantly, the objects are further divided by the READ / UPDATE privilege. In this example, the user will be able to use the listed objects, but he will not be able to modify them. Let's check how it works:

The user sees only one dashboard that he will not be able to modify. If we want to save the changes in the object, we must have the right UPDATE on the object.

An important object on which every user works is "pattern" for data search. This is an extremely uncomfortable object, because it has a "default pattern" setting, which in Kiban each user changes to the other. By default, "default pattern" is globans and users rearrange this setting.

We found a solution to this problem.

Objects of type "pattern" are assigned to Roles, and each user selects "default pattern" which doesn't affect this setting with another user.

Our user in the role of web can see only previously selected "patterns" and freely select for himself a comfortable "default pattern":

What gives us the management of pattern permissions:

  • The user does not need to create their own search patterns anymore, which is especially difficult for new people in the team,
  • The administrator will prepare patters according to uniform rules and assign them to the user through his role,
  • The user can only see his own patterns, which significantly improves navigation in the application
  • The "default pattern" setting is assigned to each user, this setting does not affect other users in the application,
  • The user can always configure his own pattern if he gets the UPDATE permission to the object